lv.pasts.eme.tsp

Class TimeStampGenerator

java.lang.Object

lv.pasts.eme.tsp.TimeStampGenerator

public final class TimeStampGenerator
extends Object

TimeStampGenerator class provides functionality to obtain time stamps accordingly to Time Stamp Protocol (RFC 3161).

Since:

1.3.0

Field Summary

Fields

Modifier and Type	Field and Description
static String	DIGEST_ALGORITHM_SHA1
static String	DIGEST_ALGORITHM_SHA256
static String	DIGEST_ALGORITHM_SHA384
static String	DIGEST_ALGORITHM_SHA512

Method Summary

Modifier and Type	Method and Description
static String	getFailureInfoMessage(lv.eparaksts.org.bouncycastle.v170.asn1.cmp.PKIFailureInfo failureInfo)
static Map<String,String>	getForwardedClientCertRequestProperties(X509Certificate cert) Encodes client certificate to be used for TimeStamp requests.
static String	getStatusMessage(int status)
static String	getTimeStampResponderURL(X509Certificate cert) Returns TimeStamp responder URL associated with the given certificate.
static TimeStamp	requestTimeStamp(byte[] digest, KeyAccessor keyAccessor) Deprecated. obsolete, use requestTimeStamp(String, byte[], KeyAccessor)
static TimeStamp	requestTimeStamp(byte[] digest, KeyStore.Builder keyStoreBuilder, String alias) Deprecated. obsolete, use requestTimeStamp(String, byte[], java.security.KeyStore.Builder, String)
static TimeStamp	requestTimeStamp(byte[] digest, KeyStore.Builder keyStoreBuilder, String alias, String responderURL) Deprecated. obsolete, use requestTimeStamp(String, byte[], java.security.KeyStore.Builder, String, String)
static TimeStamp	requestTimeStamp(byte[] digest, String responderURL) Deprecated. obsolete, use requestTimeStamp(String, byte[], String, SSLSocketFactory)
static TimeStamp	requestTimeStamp(byte[] digest, String responderURL, SSLSocketFactory sslSocketFactory) Deprecated. obsolete, use requestTimeStamp(String, byte[], String, SSLSocketFactory)
static TimeStamp	requestTimeStamp(byte[] digest, String responderURL, SSLSocketFactory sslSocketFactory, Map<String,String> requestProperties) Deprecated. obsolete, use requestTimeStamp(String, byte[], String, SSLSocketFactory, Map)
static TimeStamp	requestTimeStamp(String digestAlgorithmOID, byte[] digest, KeyAccessor keyAccessor)
static TimeStamp	requestTimeStamp(String digestAlgorithmOID, byte[] digest, KeyStore.Builder keyStoreBuilder, String alias)
static TimeStamp	requestTimeStamp(String digestAlgorithmOID, byte[] digest, KeyStore.Builder keyStoreBuilder, String alias, String responderURL) Requests a new TimeStamp for the given message digest.
static TimeStamp	requestTimeStamp(String digestAlgorithmOID, byte[] digest, String responderURL, int timeout, SSLSocketFactory sslSocketFactory, Map<String,String> requestProperties)
static TimeStamp	requestTimeStamp(String digestAlgorithmOID, byte[] digest, String responderURL, SSLSocketFactory sslSocketFactory) Requests a new TimeStamp for the given message digest.
static TimeStamp	requestTimeStamp(String digestAlgorithmOID, byte[] digest, String responderURL, SSLSocketFactory sslSocketFactory, Map<String,String> requestProperties) Requests a new TimeStamp for the given message digest.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DIGEST_ALGORITHM_SHA1

public static final String DIGEST_ALGORITHM_SHA1

DIGEST_ALGORITHM_SHA256

public static final String DIGEST_ALGORITHM_SHA256

DIGEST_ALGORITHM_SHA384

public static final String DIGEST_ALGORITHM_SHA384

DIGEST_ALGORITHM_SHA512

public static final String DIGEST_ALGORITHM_SHA512

Method Detail

requestTimeStamp

@Deprecated
public static TimeStamp requestTimeStamp(byte[] digest,
                                                      KeyAccessor keyAccessor)
                                               throws TSPException

Deprecated. obsolete, use requestTimeStamp(String, byte[], KeyAccessor)

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given message digest must be computed using a SHA-1 digest algorithm.

The location of the TSP responder is resolved using the client authentication certificate by the given alias.
The SubjectKeyIdentifier value of the certificate's root CA certificate is used to construct the 'tsp.responder.url' configuration property,
e.g. if the SubjectKeyIdentifier value is 'ccc3f566ff73ac385a961b2189b8814c1fcb5e25', the configuration property used is 'tsp.responder.url.ccc3f566ff73ac385a961b2189b8814c1fcb5e25'.

Parameters:

digest - an array of bytes containing a SHA-1 message digest.

keyAccessor - a KeyAccessor instance used to select a certificate required for TSA client authentication.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

Since:

1.3.3

requestTimeStamp

public static TimeStamp requestTimeStamp(String digestAlgorithmOID,
                                         byte[] digest,
                                         KeyAccessor keyAccessor)
                                  throws TSPException

Throws:

TSPException

requestTimeStamp

@Deprecated
public static TimeStamp requestTimeStamp(byte[] digest,
                                                      KeyStore.Builder keyStoreBuilder,
                                                      String alias)
                                               throws TSPException

Deprecated. obsolete, use requestTimeStamp(String, byte[], java.security.KeyStore.Builder, String)

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given message digest must be computed using a SHA-1 digest algorithm.

The location of the TSP responder is resolved using the client authentication certificate by the given alias.
The SubjectKeyIdentifier value of the certificate's root CA certificate is used to construct the 'tsp.responder.url' configuration property,
e.g. if the SubjectKeyIdentifier value is 'ccc3f566ff73ac385a961b2189b8814c1fcb5e25', the configuration property used is 'tsp.responder.url.ccc3f566ff73ac385a961b2189b8814c1fcb5e25'.

Parameters:

digest - an array of bytes containing a SHA-1 message digest.

keyStoreBuilder - a KeyStore builder used to initialize KeyStore containing certificate entries.

alias - name of a certificate required for TSA client authentication.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

requestTimeStamp

public static TimeStamp requestTimeStamp(String digestAlgorithmOID,
                                         byte[] digest,
                                         KeyStore.Builder keyStoreBuilder,
                                         String alias)
                                  throws TSPException

Throws:

TSPException

requestTimeStamp

@Deprecated
public static TimeStamp requestTimeStamp(byte[] digest,
                                                      KeyStore.Builder keyStoreBuilder,
                                                      String alias,
                                                      String responderURL)
                                               throws TSPException

Deprecated. obsolete, use requestTimeStamp(String, byte[], java.security.KeyStore.Builder, String, String)

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given message digest must be computed using a SHA-1 digest algorithm.

Parameters:

digest - an array of bytes containing a SHA-1 message digest.

keyStoreBuilder - a KeyStore builder used to initialize KeyStore containing certificate entries.

alias - name of a certificate required for TSA client authentication.

responderURL - a URL that identifies the location of the TSP responder.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

Since:

1.4.0

See Also:

getTimeStampResponderURL(X509Certificate)

requestTimeStamp

public static TimeStamp requestTimeStamp(String digestAlgorithmOID,
                                         byte[] digest,
                                         KeyStore.Builder keyStoreBuilder,
                                         String alias,
                                         String responderURL)
                                  throws TSPException

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

Parameters:

digestAlgorithmOID - digest algorithm OID.

digest - an array of bytes containing a message digest.

keyStoreBuilder - a KeyStore builder used to initialize KeyStore containing certificate entries.

alias - name of a certificate required for TSA client authentication.

responderURL - a URL that identifies the location of the TSP responder.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

requestTimeStamp

@Deprecated
public static TimeStamp requestTimeStamp(byte[] digest,
                                                      String responderURL)
                                               throws TSPException

Deprecated. obsolete, use requestTimeStamp(String, byte[], String, SSLSocketFactory)

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given message digest must be computed using a SHA-1 digest algorithm.

NOTE: This method is intended to request TimeStamp objects from authorities that do not require a client authentication. When the client authentication is required, use the requestTimeStamp(byte[], String, SSLSocketFactory) method instead.

Parameters:

digest - an array of bytes containing a SHA-1 message digest.

responderURL - a URL that identifies the location of the TSP responder.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

Since:

2.1.0

See Also:

getTimeStampResponderURL(X509Certificate)

requestTimeStamp

@Deprecated
public static TimeStamp requestTimeStamp(byte[] digest,
                                                      String responderURL,
                                                      SSLSocketFactory sslSocketFactory)
                                               throws TSPException

Deprecated. obsolete, use requestTimeStamp(String, byte[], String, SSLSocketFactory)

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given message digest must be computed using a SHA-1 digest algorithm.

The given SSLSocketFactory must provide an optional set of key and trust managers when using a secure connection.

Parameters:

digest - an array of bytes containing a SHA-1 message digest.

responderURL - a URL that identifies the location of the TSP responder.

sslSocketFactory - SSLSocketFactory to use for HTTPS connections.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

Since:

1.4.1

See Also:

getTimeStampResponderURL(X509Certificate)

requestTimeStamp

public static TimeStamp requestTimeStamp(String digestAlgorithmOID,
                                         byte[] digest,
                                         String responderURL,
                                         SSLSocketFactory sslSocketFactory)
                                  throws TSPException

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given SSLSocketFactory must provide an optional set of key and trust managers when using a secure connection.

Parameters:

digestAlgorithmOID - digest algorithm OID.

digest - an array of bytes containing a message digest.

responderURL - a URL that identifies the location of the TSP responder.

sslSocketFactory - SSLSocketFactory to use for HTTPS connections.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

requestTimeStamp

@Deprecated
public static TimeStamp requestTimeStamp(byte[] digest,
                                                      String responderURL,
                                                      SSLSocketFactory sslSocketFactory,
                                                      Map<String,String> requestProperties)
                                               throws TSPException

Deprecated. obsolete, use requestTimeStamp(String, byte[], String, SSLSocketFactory, Map)

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given message digest must be computed using a SHA-1 digest algorithm.

The given SSLSocketFactory must provide an optional set of key and trust managers when using a secure connection.

Parameters:

digest - an array of bytes containing a SHA-1 message digest.

responderURL - a URL that identifies the location of the TSP responder.

sslSocketFactory - SSLSocketFactory to use for HTTPS connections.

requestProperties - properties to add for the TimeStamp HTTP request.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

requestTimeStamp

public static TimeStamp requestTimeStamp(String digestAlgorithmOID,
                                         byte[] digest,
                                         String responderURL,
                                         SSLSocketFactory sslSocketFactory,
                                         Map<String,String> requestProperties)
                                  throws TSPException

Requests a new TimeStamp for the given message digest. Note that the returned TimeStamp instance is not validated.

The given SSLSocketFactory must provide an optional set of key and trust managers when using a secure connection.

Parameters:

digestAlgorithmOID - digest algorithm OID.

digest - an array of bytes containing a message digest.

responderURL - a URL that identifies the location of the TSP responder.

sslSocketFactory - SSLSocketFactory to use for HTTPS connections.

requestProperties - properties to add for the TimeStamp HTTP request.

Returns:

the newly-created TimeStamp object.

Throws:

TSPException - if the TimeStamp cannot be created.

requestTimeStamp

public static TimeStamp requestTimeStamp(String digestAlgorithmOID,
                                         byte[] digest,
                                         String responderURL,
                                         int timeout,
                                         SSLSocketFactory sslSocketFactory,
                                         Map<String,String> requestProperties)
                                  throws TSPException

Throws:

TSPException

getTimeStampResponderURL

public static String getTimeStampResponderURL(X509Certificate cert)
                                       throws Exception

Returns TimeStamp responder URL associated with the given certificate.

The URL is resolved using the EDOC configuration, where it is assumed that each certification path defines exactly one time stamping authority. In order to configure a time stamping authority responder, a property named 'tsp.responder.url.SKI' must be defined where 'SKI' is the subject key identifier from the corresponding certification path ROOT certificate.

Parameters:

cert - the certificate.

Returns:

TimeStamp responder URL.

Throws:

Exception - if the given certificate is unknown.

getForwardedClientCertRequestProperties

public static Map<String,String> getForwardedClientCertRequestProperties(X509Certificate cert)
                                                                  throws CertificateEncodingException

Encodes client certificate to be used for TimeStamp requests.

Parameters:

cert - the certificate used as 'X-Forwarded-Client-Cert' request property.

Returns:

property map.

Throws:

CertificateEncodingException - if an encoding error occurs.

getStatusMessage

public static String getStatusMessage(int status)

getFailureInfoMessage

public static String getFailureInfoMessage(lv.eparaksts.org.bouncycastle.v170.asn1.cmp.PKIFailureInfo failureInfo)